1. Field of the Invention
The present invention relates to the field of information storage and processing. More particularly, it relates to client/server systems, methods and program products that reduce overhead costs in authorization services, in ways that are upwards compatible from existing authorization services. It further relates to the field of intellectual property management, including administering access to stored content.
2. Description of the Related Art
Conventional access control systems and methods associate user and organization information too closely with each other and with access control information, impeding access to protected resources by remote users.
A conventional access control system is described, for example, in H. M. Gladney, Access Control for Large Collections, ACM Transactions on Information Systems vol. 15, no. 2, pg. 154-94 (April 1997) (hereinafter “Gladney, Access Control for Large Collections”), which is incorporated herein by reference. In such an access control system, access control information (i.e., privileges) for each object/user pair, or each object/group pair, is tabulated in an access control list.
However, user descriptions and group or organization information are too closely associated with those access control lists. A problem with such close association is the significant administrative burden required to maintain the access control lists that contain information about remote users who are outside the administrative domain of the system.
A university's computing system illustrates this problem, since approximately one-fourth of the university's population changes each year. Accordingly, the access control lists in each of the university's computing systems used by the graduating students must be changed to reflect that turnover. Any computing system outside the university would have to incur costs and tolerate the burden of changing that same access control information if the same university users also access the external computing systems.
Another problem with the close association of user, organization and object descriptors with access control information maintained in an administrative domain, is that it effectively limits an outside user's access to an object. The high cost of maintaining conventional access control information inhibits a user outside that administrative domain being given authorized access to objects within that domain.
FIGS. 1 and 2 illustrate these problems. FIG. 1 shows an association between an object or subject information 2 stored in a conventional database and a database descriptor 1 for that object or subject. The descriptor 1 can be used as a key to locate the object or subject information in the database. In order to operate as a database key the descriptor 1 must be unique within the database, however, the database key is not necessarily unique outside the context of that database. This non-uniqueness is a problem when outside the administrative domain of the database the user needs to access a protected object, because a fundamental requirement of an access control service is to identify the requested protected object unambiguously. Accordingly, it is necessary for a remote user to unambiguously specify the object within the database, and for the user to be unambiguously identified to the service providing authorization to the protected object. When a request is received from within a single administrative domain the object and user identifiers need only be unique within the context of that domain. However, when a request is received outside that administrative domain, object and user identifiers must also be unique outside that domain.
FIG. 2 shows an example of a request originating from outside the administrative domain of a private library system 10 employing conventional access control mechanisms. This example presumes an agreement between the university and the private library to provide all the university's faculty and students with access to the private library's collection.
In the example shown in FIG. 2 Smith, a student at the university, sends via his computing system 30 a request “A” for access to a protected document “x” held outside the university's administrative domain in the private library's collection 12. An access control function 11 within the private library processes the request and determines whether Smith has permission to be given access to document “x.” Here, access control information 13 has been stored within the private library's administrative domain and defines information about Smith and the privileges afforded him or her. Assuming those privileges are adequate to provide Smith with access to document “x,” the access control function 11 returns a yes/no response “B” granting or denying Smith the requested access.
Here, the university's computing system's administrative database 20 includes access control information 22 containing information about Smith with a subject identifier UNIVER_DB_KEY unique within the context of the university's administrative database. Redundant information about Smith is maintained in the private library's conventional access control system, and has a subject identifier PRIV_DB_KEY for SMIIH_RECORD in the Private Library. The private library's subject identifier is unique within the private library, but is likely to be different than the key UNIV_DB_KEY in the university's computing system. Accordingly, conventional access control systems have the problem of requiring access control information about a remote user to be stored redundantly since it must be maintained in more than one computing system. This causes extra overhead for both administrators and users.
A Universal Unique Identifier (UUID) is a known construct for uniquely identifying a data object. A UUID is described in H. M. Gladney, Safeguarding Digital Library Contents and Users, D-Lib Magazine, April 1998, and K. Sollins and L. Masinter, Functional Requirements for Uniform Resource Names, Internet Engineering Task Force RFC 1737, December 1994, both of which are incorporated herein by reference. As discussed in each of the above references, a UUID is a unique identifier that has the following characteristics: global scope and uniqueness, persistence, scalability and extensibility, independence for name-issuing authorities, and as much legacy compatibility as the other requirements allow. Although UUIDs are known, they have not before been used as an object or subject identifier in a database, much less in a database employed for access control.